Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-41883 Vulnerability in org.omnifaces:omnifaces (CVE-2026-41883)
vulnerability in org.omnifaces:omnifaces (CVE-2026-41883). Successful exploitation can lead to full system takeover. Exploitable via ``CDNResourceHandler``. Mitigation: upgrade to `5.2.3` or later.
CVE-2026-29975 Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
CVE-2026-34354 Vulnerability in privilege-escalation (CVE-2026-34354)
vulnerability in privilege-escalation (CVE-2026-34354). Successful exploitation can lead to full system takeover.
CVE-2026-29972 Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
CVE-2026-41570 Vulnerability in phpunit/phpunit (CVE-2026-41570)
vulnerability in phpunit/phpunit (CVE-2026-41570). Successful exploitation can lead to full system takeover. Exploitable via ``auto_prepend_file``. Mitigation: upgrade to `13.1.6` or later.
CVE-2026-38361 Vulnerability in dash-uploader (CVE-2026-38361)
vulnerability in dash-uploader (CVE-2026-38361). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.7.0a1` or later.
CVE-2025-67486 Vulnerability in dolibarr (CVE-2025-67486)
vulnerability in dolibarr (CVE-2025-67486). Successful exploitation can lead to full system takeover.
CVE-2026-41491 Path Traversal in github.com/dapr/dapr (CVE-2026-41491)
path traversal in github.com/dapr/dapr (CVE-2026-41491). Confidential information can be exposed externally. Exploitable via ``purell.NormalizeURLString``. Mitigation: upgrade to `1.15.14` or later.
CVE-2026-41493 Path Traversal in yard (CVE-2026-41493)
path traversal in yard (CVE-2026-41493). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.42` or later.
CVE-2026-25077 Code Injection in apache (CVE-2026-25077)
code injection in apache (CVE-2026-25077). Successful exploitation can lead to full system takeover.
CVE-2022-50994 OS Command Injection in CVE-2022-50994 (CVE-2022-50994)
OS command injection in CVE-2022-50994 (CVE-2022-50994). Successful exploitation can lead to full system takeover.
CVE-2025-13836 Vulnerability in python (CVE-2025-13836)
vulnerability in python (CVE-2025-13836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.10.20, 3.11.15, 3.12.13, 3.13.11, 3.14.1` or later.
CVE-2026-7330 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.
CVE-2026-5127 Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
CVE-2026-4935 SQL Injection in wordpress (CVE-2026-4935)
SQL injection in wordpress (CVE-2026-4935). Confidential information can be exposed externally.
CVE-2024-53326 Unsafe Deserialization in deserialization (CVE-2024-53326)
vulnerability in deserialization (CVE-2024-53326). Successful exploitation can lead to full system takeover.
CVE-2024-33288 SQL Injection in sqli (CVE-2024-33288)
SQL injection in sqli (CVE-2024-33288). Risk of unauthorized operations or information disclosure.
CVE-2024-27686 Vulnerability in dos (CVE-2024-27686)
vulnerability in dos (CVE-2024-27686). Risk of unauthorized operations or information disclosure.
CVE-2022-26522 Vulnerability in dos (CVE-2022-26522)
vulnerability in dos (CVE-2022-26522). Successful exploitation can lead to full system takeover.
CVE-2026-8133 Vulnerability in sqli (CVE-2026-8133)
vulnerability in sqli (CVE-2026-8133). Risk of unauthorized operations or information disclosure.
CVE-2026-8132 Vulnerability in sqli (CVE-2026-8132)
vulnerability in sqli (CVE-2026-8132). Risk of unauthorized operations or information disclosure.
CVE-2026-8129 Vulnerability in sqli (CVE-2026-8129)
vulnerability in sqli (CVE-2026-8129). Risk of unauthorized operations or information disclosure.
CVE-2026-8130 Vulnerability in sqli (CVE-2026-8130)
vulnerability in sqli (CVE-2026-8130). Risk of unauthorized operations or information disclosure.
CVE-2026-8131 Vulnerability in sqli (CVE-2026-8131)
vulnerability in sqli (CVE-2026-8131). Risk of unauthorized operations or information disclosure.
CVE-2026-43943 OS Command Injection in electerm (CVE-2026-43943)
OS command injection in electerm (CVE-2026-43943). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.9` or later.
CVE-2026-43940 Path Traversal in electerm (CVE-2026-43940)
path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.
CVE-2026-42275 Path Traversal in github.com/openziti/zrok (CVE-2026-42275)
path traversal in github.com/openziti/zrok (CVE-2026-42275). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.2` or later.
CVE-2026-42261 Vulnerability in ssrf (CVE-2026-42261)
vulnerability in ssrf (CVE-2026-42261). Confidential information can be exposed externally. Exploitable via `POST /api/skills/fetch-remote`.
CVE-2026-41900 OS Command Injection in openlearnx (CVE-2026-41900)
OS command injection in openlearnx (CVE-2026-41900). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.0.3` or later.
CVE-2026-8126 Vulnerability in sqli (CVE-2026-8126)
vulnerability in sqli (CVE-2026-8126). Risk of unauthorized operations or information disclosure.
CVE-2026-8128 Vulnerability in sqli (CVE-2026-8128)
vulnerability in sqli (CVE-2026-8128). Risk of unauthorized operations or information disclosure.
CVE-2026-7541 Vulnerability in dos (CVE-2026-7541)
vulnerability in dos (CVE-2026-7541). Risk of unauthorized operations or information disclosure.
CVE-2026-41105 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41105)
SSRF in ssrf (CVE-2026-41105). Confidential information can be exposed externally.
CVE-2026-32207 Cross-Site Scripting (XSS) in microsoft (CVE-2026-32207)
cross-site scripting in microsoft (CVE-2026-32207). Successful exploitation can lead to full system takeover.
CVE-2026-8098 Vulnerability in sqli (CVE-2026-8098)
vulnerability in sqli (CVE-2026-8098). Risk of unauthorized operations or information disclosure.
CVE-2026-42449 SSRF (Server-Side Request Forgery) in n8n-mcp (CVE-2026-42449)
SSRF in n8n-mcp (CVE-2026-42449). Confidential information can be exposed externally. Exploitable via ``N8NDocumentationMCPServer``. Mitigation: upgrade to `2.47.14` or later.
CVE-2026-42499 Vulnerability in golang (CVE-2026-42499)
vulnerability in golang (CVE-2026-42499). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-42010 Vulnerability in gnu (CVE-2026-42010)
vulnerability in gnu (CVE-2026-42010). Confidential information can be exposed externally.
CVE-2025-1978 Code Injection in hitachi (CVE-2025-1978)
code injection in hitachi (CVE-2025-1978). Risk of unauthorized operations or information disclosure.
CVE-2026-44513 Code Injection in diffusers (CVE-2026-44513)
code injection in diffusers (CVE-2026-44513). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``. Mitigation: upgrade to `0.38.0` or later.
CVE-2026-44827 Code Injection in diffusers (CVE-2026-44827)
code injection in diffusers (CVE-2026-44827). Successful exploitation can lead to full system takeover. Exploitable via ``DiffusionPipeline.from_pretrained``. Mitigation: upgrade to `0.38.0` or later.
CVE-2026-6973 KEV [KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-44240 Vulnerability in basic-ftp (CVE-2026-44240)
vulnerability in basic-ftp (CVE-2026-44240). Risk of unauthorized operations or information disclosure. Exploitable via ``FtpContext._partialResponse``. Mitigation: upgrade to `5.3.1` or later.
CVE-2026-29080 SQL Injection in rucio (CVE-2026-29080)
SQL injection in rucio (CVE-2026-29080). Successful exploitation can lead to full system takeover. Exploitable via `GET /dids/`. Mitigation: upgrade to `40.1.1` or later.
CVE-2026-20035 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-20035)
SSRF in ssrf (CVE-2026-20035). Risk of unauthorized operations or information disclosure.
CVE-2026-33079 Vulnerability in mistune (CVE-2026-33079)
vulnerability in mistune (CVE-2026-33079). Risk of unauthorized operations or information disclosure. Exploitable via ``LINK_TITLE_RE``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-29090 SQL Injection in rucio (CVE-2026-29090)
SQL injection in rucio (CVE-2026-29090). Successful exploitation can lead to full system takeover. Exploitable via `GET /dids/`. Mitigation: upgrade to `40.1.1` or later.
CVE-2026-34282 Vulnerability in java (CVE-2026-34282)
vulnerability in java (CVE-2026-34282). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
CVE-2026-21945 Vulnerability in java (CVE-2026-21945)
vulnerability in java (CVE-2026-21945). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481, 11.0.30, 17.0.18, 21.0.10, 25.0.2` or later.
CVE-2025-7424 Vulnerability in java (CVE-2025-7424)
vulnerability in java (CVE-2025-7424). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →